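[{"data":1,"prerenderedAt":115},["ShallowReactive",2],{"content:\u002F2010s\u002Fscore-query-leak":3,"surround:\u002F2010s\u002Fscore-query-leak":103},{"id":4,"title":5,"body":6,"categories":77,"date":79,"description":80,"draft":81,"extension":82,"image":83,"meta":84,"navigation":86,"path":87,"permalink":83,"published":83,"readingTime":88,"recommend":83,"references":83,"seo":93,"sitemap":94,"stem":95,"tags":96,"type":100,"updated":101,"__hash__":102},"content\u002Fposts\u002F2010s\u002Fscore-query-leak.md","Notes on a Vulnerability in the Shaanxi Zhongkao Score Query System",{"type":7,"value":8,"toc":74},"minimark",[9,13,16,32,35,38,41,44,54,57],[10,11,12],"p",{},"After the zhongkao (senior high school entrance exam) ended, on the evening before results came out, I logged in to the Shaanxi Province zhongkao score query system, a web page with input boxes for the admission ticket number and the ID card number.",[10,14,15],{},"After entering my details and clicking Query, the system told me that the query period had not started yet.",[10,17,18,19,23,24,27,28,31],{},"Using the HttpCanary packet capture app, I found that when a query was made, the page sent a request to ",[20,21,22],"code",{"code":22},"http:\u002F\u002F111.20.215.158:8091\u002FMForm\u002FScore\u002FQueryScoreHandler.ashx"," with the parameters ",[20,25,26],{"code":26},"Zkzh"," (admission ticket number) and ",[20,29,30],{"code":30},"Sfzh"," (a student registration number that starts with the letter S and is otherwise the same number as the ID card number).",[10,33,34],{},"Visiting this address directly returned a string of JSON containing the data returned by the query.",[10,36,37],{},"A friend told me that with results coming out the next day he was so nervous his hands were shaking, so I told him about this method. Data viewed this way is less direct and not as formal as a “notice letter”, so it is less nerve-racking.",[10,39,40],{},"Results were due at 12:00 noon the next day, but from the morning on, many classmates' parents were saying things like “the query page loads slowly” and “the query page has been shut down” in the school parents' group that the parents had set up themselves. By now the query page no longer even had input boxes and simply said “Query has not started”. I tried replaying the request I had captured the night before, and scores for a whole list of subjects appeared. I panicked, because the scores I saw fell short of my target. Besides, it was not even 11 o'clock and nobody could look up their scores yet, so how could I know mine ahead of time?",[10,42,43],{},"Later, after 12 o'clock, some classmates were still telling me they could not get into the query page, so I told them about this method:",[45,46,51],"pre",{"className":47,"code":49,"language":50},[48],"language-text","http:\u002F\u002F111.20.215.158:8091\u002FMForm\u002FScore\u002FQueryScoreHandler.ashx?Zkzh=[replace with admission ticket number]&Sfzh=S[replace with ID card number]\n","text",[20,52,49],{"__ignoreMap":53},"",[10,55,56],{},"Strangely enough, they had been unable to get into the query page, yet with this URL they could look up their scores right away. Worried that the results might be inaccurate, I specifically asked some classmates who had already looked up their scores the normal way to check again with this method. They all got their scores quickly as well, and the scores matched what they had seen before. That showed the method was accurate and effective, and some classmates who could not get into the system were able to look up their zhongkao scores too. Hooray!",[58,59,61,64,71],"alert",{"title":60},"Addendum, September 8, 2019",[10,62,63],{},"After starting high school, I told this story to new friends, and one of them said he had looked up his own score with exactly this string of code, which he had seen in a group chat. Later I asked some other new classmates, and a few more of them had also looked up their scores this way.",[10,65,66,67,70],{},"So I posted a status update: ",[20,68,69],{"code":69},"I'm indeed \nthat person.",", accompanied by the chat log with my friend from the evening before the zhongkao scores came out.",[10,72,73],{},"Word of mouth is powerful. I never expected that a method I had worked out by accident would spread so widely and genuinely solve the problem people were running into.",{"title":53,"searchDepth":75,"depth":75,"links":76},4,[],[78],"Security","2019-07-23 22:53:00","Before the 2019 Shaanxi zhongkao results were announced, I found a flaw in the zhongkao score query system that made it possible to get scores early and confirm their accuracy, which helped many classmates who could not look up their scores the normal way.",false,"md",null,{"slots":85},{},true,"\u002F2010s\u002Fscore-query-leak",{"text":89,"minutes":90,"time":91,"words":92},"4 min read",3.435,206100,687,{"title":5,"description":80},{"loc":87},"posts\u002F2010s\u002Fscore-query-leak",[97,98,99],"Vulnerability analysis","Zhongkao","Information security","story","2019-09-08 11:03:00","kTpsbGmOldBt1L5cnMORuJ8b_a0hh5jjpmx7bka5ddA",[104,110],{"title":105,"path":106,"stem":107,"date":108,"type":109,"children":-1},"Making a Windows 7 Boot Animation","\u002F2010s\u002Fwindows-launch-anim","posts\u002F2010s\u002Fwindows-launch-anim","2018-05-18 20:47:20","tech",{"title":111,"path":112,"stem":113,"date":114,"type":100,"children":-1},"Zhilu Site Biography","\u002F2010s\u002Fzhilu-site-biography","posts\u002F2010s\u002Fzhilu-site-biography","2019-08-08 22:01:00",1782091378453]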